8.1.1、Operational Risk Management
The organization shall plan, implement, and control a process for managing operational risks to the achievement of applicable requirements, which includes as appropriate to the organization and the products and services:
a. assignment of responsibilities for operational risk management;
b. definition of risk assessment criteria (e.g., likelihood, consequences, risk acceptance);
c. identification, assessment, and communication of risks throughout operations;
d. identification, implementation, and management of actions to mitigate risks that exceed the defined risk acceptance criteria;
e. acceptance of risks remaining after implementation of mitigating actions.
NOTE 1: While clause 6.1 addresses the risks and opportunities when planning for the quality management system of the organization, the scope of this clause (8.1.1) is limited to the risks associated to the operational processes needed for the provision of products and services (clause 8).
NOTE 2: Within the aviation, space, and defense industry, risk is generally expressed in terms of the likelihood of occurrence and the severity of the consequences.